Microsoft issues emergency patch for zero-day IE flaw being exploited in the wild

Ms. Smith |
Aug. 20, 2015

Microsoft released an emergency out-of-band patch for a critical IE vulnerability being exploited in the wild.

"Patch as quickly as possible," advised Qualys CTO Wolfgang Kandek. "Now that the vulnerability is disclosed we expect the attack code to spread widely and get integrated into exploit kits and attack frameworks."

On the acknowledgments page, Microsoft thanked Clement Lecigne of Google for reporting the memory corruption flaw. Unlike some past Microsoft vulnerability disclosures, this one was not publicly revealed. The fact that it is being actively exploited might be "a case where both researchers and underground found it around the same time," Kandek suggested.